Skills or Certificates: What Should You Prioritize When Transitioning Into Cybersecurity?

When I first decided to pursue a career in cybersecurity, I didn’t know where to begin. Coming from a creative background, my closest brush with tech had been editing videos and managing websites - not exactly the stuff of penetration testing and firewall configurations. 

However, once I committed to this path, I quickly hit a wall that I believe many career changers face. Should I focus on getting certified or start learning and building practical experience? 

I thought the answer would be simple, but the more I researched, the more I realized how layered this question is, especially for beginners. 

In this article, I will share how I approached this dilemma, what helped me gain momentum, and what might help you too, if you’re just starting.

Free Resources That Opened the Door

You do not need to spend a lot of money to start your learning journey in cybersecurity. There are countless free and beginner-friendly resources online that can help you build foundational knowledge, explore different career paths, and even practice real-world skills in safe environments. 

Here is a list of resources I used to help me understand the core principles and basic concepts in cybersecurity. 

• Cisco’s Introduction to Cybersecurity course was the first real taste I got of what cybersecurity is. It helped me understand the “why” behind the work.
• ISC2’s Certified in Cybersecurity (CC) was my next step. It was free at the time and gave me a deeper understanding of the foundational principles of the field. I still consider this a great beginner-friendly certificate that recruiters respect.
• Platforms like TryHackMe, Portswigger, and Hack The Box helped me go from theory to practice. Instead of just watching videos, I was interacting with labs, solving puzzles, and learning through doing.
• YouTube channels like NetworkChuck, The Cyber Mentor, Hackersploit, and John Hammond – These creators break down technical concepts in engaging and easy-to-understand ways. I learned most about Linux OS and commands from Hackersploit. 
• CyberShujaa Training Program in collaboration with Serianu and USIU Africa, where I put theory into hands-on practice and met a bunch of other brilliant learners for peer to peer learning. 

These resources not only make cybersecurity more accessible, but they also help you build confidence, discover your interests, and start developing real skills from day one. 

But here’s the truth: self-paced learning is hard. You can be excited in week one, lost in week two, and burned out by week three. If you’re like me, who learns best in a group setting, here’s the next best thing. 

Finding a Learning Community

For someone like me who was constantly wondering, “Am I even doing this right?”, it was a relief to meet others who were figuring it out too. I joined cybersecurity-focused communities on Discord servers and WhatsApp groups. 

Most Discord servers I have joined have daily and weekly goals, study groups for TryHackMe and Hack The Box, CTF challenges, and forums where members are encouraged to participate and ask questions. You will be surprised at how willing people are to help and hold your hand through this journey. 

The WhatsApp groups I find are best for sharing information and discussing current industry trends like AI, new vulnerabilities, and much more. The best thing about these learning communities is that you meet people from all levels sharing what they are learning, struggling with, or building. 

If you're trying to stay disciplined on your own, I can’t recommend this enough: Find your tribe. Learning in isolation is a fast way to stall. Being around others—especially those who are just a few steps ahead—makes all the difference.

So… What About Certifications? Which Ones Matter and How Do You Know?

Certifications are important in cybersecurity. In most cases, it’s what gets you through the corporate door, but how do you narrow it down? I think the best strategy is to map the certificate to the career. Three important questions to ask yourself; 

• What roles are in demand?
• What skills do they require?
• What certifications align with those roles?

I went ahead and did some research, and this is what I discovered, according to CyberSeek and the ISC2 workforce study. The table below shows the cybersecurity roles that are in demand, the certifications needed, and the cost.  

Many of these have coupons or scholarships available, especially for students, women in tech, and learners in Africa. I encourage you to ask around in communities or follow organizations on LinkedIn. If you’ve found any discount links or exam vouchers, please share them in the comments—someone out there might need it more than you know.

Security Analyst • Certs: CompTIA Security+, Cisco CyberOps Associate • Cost: ~$300–$392 • Where to Take It: Pearson VUE, Cisco

SOC Analyst (Tier 1/2) • Certs: CompTIA CySA+, Splunk Core Certified User • Cost: ~$392 + ~$130 • Where to Take It: CompTIA, Splunk.com

Penetration Tester • Certs: eJPT, OSCP, CEH • Cost: $200–$1599 • Where to Take It: Offensive Security, INE, EC-Council

GRC Analyst (Governance, Risk, Compliance) • Certs: ISC2 Certified in Cybersecurity (CC), CompTIA Security+, CGRC • Cost: Free–$599 • Where to Take It: ISC2, CompTIA

Cloud Security Specialist • Certs: AWS Certified Cloud Practitioner (CCP), Microsoft Azure SC-900 • Cost: $100–$300 • Where to Take It: AWS, Microsoft

Choosing a high-paying and in-demand cybersecurity career path can be rewarding, but what if we reverse the question and instead of asking which certificate is best, we ask What job do I want? 

Balancing Passion and Pay: High Earning VS High Fit Roles

Honestly, one of the main reasons I transitioned into cybersecurity is that it is a lucrative tech field. Roles like penetration tester, cloud security specialist, and AI threat analyst often report salaries well into six figures in USD. That caught my attention.

Soon, I realized chasing high pay without personal interest would not last. My previous career allowed for flexibility in learning, which made it enjoyable. I am a good writer, editor, and producer, but I have also been an art director, production manager, makeup artist, etc. 

My point, it will take you some exploring to find what you’re good at. So far, in cybersecurity, I have sampled SOC analysis, red teaming, Blue teaming, Forensics, and Bounty Hunting. I am slowly starting to realize what I like and how I can get better. 

Bottom line, start broad, then narrow down to roles that light you up and pay well. 

So What Should You Prioritize?

Honestly? Both matter. But here’s what I’ve learned:

• Certifications open the door—they prove you’ve studied, passed an exam, and understand core principles.
• Skills keep you moving—they help you build confidence, solve real problems, and show employers that you can do the work.

Don’t chase every certificate—start with the ones that align with your chosen path and supplement them with hands-on projects. The biggest thing that has helped me on this journey is finding a community, staying consistent, and asking for help.

Let’s Learn From Each Other

If you're a cybersecurity professional, I’d love to hear your take: What do you think transitioners should focus on first—skills, certificates, or something else entirely?

If you're a recruiter, What do you look for in applicants coming from non-traditional backgrounds? What makes someone stand out to you?

And if you're a fellow transitioner like me, What helped you the most—free resources, community support, practice labs, or that one breakthrough course?

Please share your story, your favorite resources, your challenges, or even your questions. Someone reading this might be right where you were, and your comment could be the nudge that keeps them going.